Stream Control Transmission Protocol (SCTP)
CISC 856: TCP/IP and Upper Layer Protocols
Presented by: Nikhil Shirude, November 15, 2007
Acknowledgements: Prof. Paul Amer, Randall Stewart, Philip Conrad, Janardhan Iyengar
Dec 16, 2015
Overview
• Motivation for SCTP
• SCTP PDU and Chunk Format
• SCTP 4-Way Association
• SCTP Association Shutdown
• SCTP Multi-Homing
• Summary
SCTP Motivation
• Primary motivation: transport of telephony signaling messages over IP networks
• Telephony signaling has rigid timing and reliability requirements
• TCP limitations:
  - head-of-line blocking (one lost segment stalls delivery of everything sent after it)
  - does not preserve application PDU (A-PDU) boundaries
  - no support for multi-homing
  - vulnerable to SYN flooding attacks
• SCTP features: 4-way handshake, multihoming, multistreaming, framing (message boundaries are preserved)
SCTP Overview

Services/Features                    | SCTP              | TCP         | UDP
-------------------------------------|-------------------|-------------|-----
Connection-oriented                  | yes               | yes         | no
Full duplex                          | yes               | yes         | yes
Reliable data transfer               | yes               | yes         | no
Partial-reliable data transfer       | proposed (PR-SCTP, RFC 3758) | no | no
Flow control                         | yes               | yes         | no
TCP-friendly congestion control      | yes               | yes         | no
ECN capable                          | yes               | yes         | no
Ordered data delivery                | yes               | yes         | no
Unordered data delivery              | yes               | no          | yes
Uses selective ACKs                  | yes               | optional    | no
Path MTU discovery                   | yes               | yes         | no
Application PDU fragmentation        | yes               | yes         | no
Application PDU bundling             | yes               | yes         | no
Preserves application PDU boundaries | yes               | no          | yes
Multistreaming                       | yes               | no          | no
Multihoming                          | yes               | no          | no
Protection against SYN flooding      | yes               | no          | n/a
Allows half-closed connections       | no                | yes         | n/a
Reachability check                   | yes               | yes         | no
Pseudo-header for checksum           | no (uses vtags)   | yes         | yes
Time wait state                      | for vtags         | for 4-tuple | n/a
SCTP PDU Format

  0                   1                   2                   3
 +-------------------------------+-------------------------------+
 |          Source Port          |       Destination Port        |
 +-------------------------------+-------------------------------+
 |                       Verification Tag                        |
 +---------------------------------------------------------------+
 |                           Checksum                            |
 +---------------------------------------------------------------+  Common Header (12 bytes)
 |                           Chunk 1                             |
 +---------------------------------------------------------------+
 |                             ...                               |
 +---------------------------------------------------------------+
 |                           Chunk N                             |
 +---------------------------------------------------------------+  Chunks

• Building blocks of an SCTP PDU:
  - Common header, which occupies the first 12 bytes: source port, destination port, 32-bit verification tag, 32-bit checksum
  - The checksum is CRC32c (RFC 3309; RFC 2960 originally specified Adler-32), computed over the whole packet. It detects corruption only; it is not a pseudo-header check and gives no protection against a sender who forges the packet.
  - The verification tag ties every packet to an association: a packet whose tag does not match the one the receiver expects is silently discarded.
  - Chunks follow the header. There are two kinds, control chunks and DATA chunks, and several chunks may be bundled into one PDU.
SCTP Chunk Format

 +---------+---------+-------------------+
 |  Type   |  Flags  |      Length       |
 +---------+---------+-------------------+
 |   Chunk Information (multiple of 4 bytes, padded)   |
 +-----------------------------------------------------+

Type   - chunk type: DATA, INIT, SACK, COOKIE ECHO, HEARTBEAT, ...
Flags  - bit meanings depend on the type
Length - total size of the chunk in bytes, including type, flags, length and data/parameters (the padding to a 4-byte boundary is not counted)
Some SCTP Chunk Types

Type  | SCTP              | TCP analogue / purpose
------|-------------------|--------------------------------
0x00  | DATA              | user data
0x01  | INIT              | ~ SYN
0x02  | INIT-ACK          | ~ SYN-ACK (carries the State Cookie)
0x03  | SACK              | selective ACK
0x04  | HEARTBEAT         | keep-alive / reachability probe
0x05  | HEARTBEAT-ACK     | reply to HEARTBEAT
0x07  | SHUTDOWN          | ~ FIN
0x08  | SHUTDOWN-ACK      | ~ FIN-ACK
0x0A  | COOKIE-ECHO       | third handshake message
0x0B  | COOKIE-ACK        | fourth handshake message
0x0E  | SHUTDOWN-COMPLETE | final shutdown message
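Added example (not part of the original slides): a small Python parser for the common header and chunk layout above, plus the verification-tag checks a receiver applies before it allocates any state. The packets are constructed inline (ports, tags and payloads are arbitrary), the checksum field is left at zero because CRC32c is not computed here, and the ABORT/SHUTDOWN-COMPLETE T-bit special cases are left out.

```python
import struct

# Chunk type values from RFC 4960 section 3.2 (subset used on these slides)
CHUNK_TYPES = {
    0x00: "DATA", 0x01: "INIT", 0x02: "INIT-ACK", 0x03: "SACK",
    0x04: "HEARTBEAT", 0x05: "HEARTBEAT-ACK", 0x07: "SHUTDOWN",
    0x08: "SHUTDOWN-ACK", 0x0A: "COOKIE-ECHO", 0x0B: "COOKIE-ACK",
    0x0E: "SHUTDOWN-COMPLETE",
}
INIT = 0x01

COMMON_HEADER = struct.Struct("!HHII")  # src port, dst port, vtag, checksum (12 bytes)
CHUNK_HEADER = struct.Struct("!BBH")    # type, flags, length (4 bytes)


def build_packet(src_port, dst_port, vtag, chunks):
    """Serialise (type, flags, value) chunks behind a common header.
    The checksum field is left zero: CRC32c is not computed in this example."""
    out = bytearray(COMMON_HEADER.pack(src_port, dst_port, vtag, 0))
    for ctype, flags, value in chunks:
        length = CHUNK_HEADER.size + len(value)      # length field excludes padding
        out += CHUNK_HEADER.pack(ctype, flags, length) + value
        out += b"\x00" * (-length % 4)               # pad to a 4-byte boundary
    return bytes(out)


def parse_packet(packet):
    """Split an SCTP packet into its common header and a list of
    (type, flags, value) chunks, rejecting malformed length fields."""
    if len(packet) < COMMON_HEADER.size:
        raise ValueError("shorter than the 12-byte common header")
    src, dst, vtag, checksum = COMMON_HEADER.unpack_from(packet, 0)
    chunks, off = [], COMMON_HEADER.size
    while off < len(packet):
        if len(packet) - off < CHUNK_HEADER.size:
            raise ValueError("truncated chunk header at offset %d" % off)
        ctype, flags, length = CHUNK_HEADER.unpack_from(packet, off)
        if length < CHUNK_HEADER.size:
            # a length below 4 would make the loop spin or walk backwards
            raise ValueError("chunk length %d < 4 at offset %d" % (length, off))
        value = packet[off + CHUNK_HEADER.size: off + length]
        if len(value) != length - CHUNK_HEADER.size:
            raise ValueError("chunk value truncated at offset %d" % off)
        chunks.append((ctype, flags, value))
        off += (length + 3) & ~3   # skip the chunk and its padding
    return {"src": src, "dst": dst, "vtag": vtag, "checksum": checksum, "chunks": chunks}


def is_malformed(packet):
    try:
        parse_packet(packet)
        return False
    except ValueError:
        return True


def check_vtag(pkt, my_vtag=None):
    """Verification-tag rules a receiver applies before touching any state
    (RFC 4960 sections 3.3.2 and 8.5; ABORT/SHUTDOWN-COMPLETE T-bit cases omitted).
    my_vtag is the tag this endpoint expects on an existing association."""
    types = [t for t, _, _ in pkt["chunks"]]
    if INIT in types:
        if len(types) != 1:
            return False, "INIT must be the only chunk in its packet"
        if pkt["vtag"] != 0:
            return False, "INIT must carry verification tag 0"
        return True, "INIT accepted; reply with INIT-ACK + cookie, allocate nothing"
    if pkt["vtag"] == 0:
        return False, "only INIT may carry verification tag 0"
    if my_vtag is not None and pkt["vtag"] != my_vtag:
        return False, "verification tag mismatch: silently discard"
    return True, "accepted"


# Constructed sample packets (not captured traffic); port 5000 is arbitrary
INIT_VALUE = struct.pack("!IIHHI", 0x11223344, 65535, 10, 10, 1)  # init tag, a_rwnd, out/in streams, initial TSN
SAMPLE_INIT = build_packet(5000, 5000, 0, [(INIT, 0, INIT_VALUE)])
DATA_VALUE = struct.pack("!IHHI", 1, 0, 0, 0) + b"hello"          # TSN, stream id, SSN, PPID, 5-byte payload
SAMPLE_DATA = build_packet(5000, 5000, 0xDEADBEEF, [(0x00, 0x03, DATA_VALUE)])  # flags 0x03 = B|E, unfragmented

if __name__ == "__main__":
    for name, pkt in (("INIT", SAMPLE_INIT), ("DATA", SAMPLE_DATA)):
        parsed = parse_packet(pkt)
        print(name, len(pkt), "bytes,",
              [CHUNK_TYPES.get(t, t) for t, _, _ in parsed["chunks"]],
              check_vtag(parsed, my_vtag=0xDEADBEEF))
```

The length checks matter in practice: a chunk length of 0..3 or one that runs past the end of the packet is exactly the kind of input that a naive `off += length` loop mishandles, and the INIT rules are what let a server answer an INIT without creating any association state.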
SCTP Feature Summary
What TCP and SCTP both have:
  - reliability (retransmissions)
  - congestion control
  - connection oriented
SCTP adds the following:
  - 4-way handshake, to reduce vulnerability to Denial of Service attacks
  - multihoming: instead of one IP address per endpoint, a set of IP addresses per endpoint
  - framing: preserves message boundaries
  - multistreaming: instead of one ordered stream, up to 64K independent ordered streams
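Added example (not from the original slides): a Python simulation of the head-of-line blocking that multistreaming removes. The arrival order and payloads are constructed; one reorder queue keyed on TSN models a TCP-style single ordered stream, and one queue per stream id keyed on SSN models SCTP's per-stream ordered delivery (which in real SCTP is still backed by TSN-based retransmission and SACKs).

```python
# Constructed DATA chunks as (TSN, stream id, SSN, payload). The sender
# interleaves two streams; TSN 2 (stream 1, SSN 0) is lost and arrives
# last, after retransmission.
ARRIVALS = [
    (1, 0, 0, "a0"),
    (3, 0, 1, "a1"),
    (4, 1, 1, "b1"),
    (5, 0, 2, "a2"),
    (6, 1, 2, "b2"),
    (2, 1, 0, "b0"),   # retransmission of the lost chunk
]


class Reorderer:
    """Delivers messages in sequence-number order, holding back anything
    that arrives ahead of a gap."""

    def __init__(self, first):
        self.next_seq = first
        self.pending = {}

    def receive(self, seq, payload):
        self.pending[seq] = payload
        delivered = []
        while self.next_seq in self.pending:
            delivered.append(self.pending.pop(self.next_seq))
            self.next_seq += 1
        return delivered


def single_stream_timeline(arrivals, first_tsn=1):
    """TCP-like: one sequence space, so one gap blocks every later message.
    Returns, per arrival, the list of payloads handed to the application."""
    queue = Reorderer(first_tsn)
    return [queue.receive(tsn, payload) for tsn, _sid, _ssn, payload in arrivals]


def multistream_timeline(arrivals):
    """SCTP-like: ordering is per stream (stream id, SSN), so a gap in one
    stream does not block delivery on the others."""
    streams = {}
    timeline = []
    for _tsn, sid, ssn, payload in arrivals:
        stream = streams.setdefault(sid, Reorderer(0))
        timeline.append(stream.receive(ssn, payload))
    return timeline


def delivered_before_retransmission(timeline):
    """How many messages reached the application before the lost chunk was recovered."""
    return sum(len(step) for step in timeline[:-1])


if __name__ == "__main__":
    print("single stream :", single_stream_timeline(ARRIVALS))
    print("multistream   :", multistream_timeline(ARRIVALS))
```

With this arrival order the single-stream receiver hands over only "a0" until the retransmission arrives, while the multistream receiver also delivers "a1" and "a2" because stream 0 has no gap. A DATA chunk sent with the U (unordered) bit would bypass the reorderer entirely and be delivered on arrival.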
First - TCP Connection Establishment

  client (closed)                                server (listen)
  t=0      SYN  -------------------------------->  SYN recd (TCB created)
           SYN sent
  1RTT     <------------------------------------  SYN-ACK
           established
           ACK + data  ------------------------->  established

The server allocates a TCB when the SYN arrives, before it has any evidence that the client address is genuine.
Security: TCP Flooding Attack

[Figure: attackers at 221.3.5.10 and 192.10.2.8 send spoofed SYNs with source addresses 190.13.4.1, 228.3.14.5, 130.2.4.15, ... across the Internet to the victim, a TCP-based web server at 128.3.4.5. For each SYN the server creates a TCB and sends a SYN-ACK to the spoofed address, which never replies; the half-open TCBs accumulate and the server is flooded.]

TCB = Transmission Control Block
The SCTP Way: 4-way handshake limits the attack

[Figure: the same attackers at 221.3.5.10 and 192.10.2.8 send spoofed INITs with source addresses 190.13.4.1, 228.3.14.5, 130.2.4.15, ... to the victim, an SCTP-based web server at 128.3.4.5. The server answers each INIT with an INIT-ACK to the (spoofed) source address but reserves no resources: everything it would need for the association is packed into the State Cookie carried in the INIT-ACK, and a TCB is created only when a valid cookie is echoed back. No flooding!]

The cookie protects the server's memory, not its bandwidth: it still sends one INIT-ACK per INIT, so the handshake remains a reflection source unless rate-limited.
SCTP: Four-way Association Setup
V: Verification tag   I: Initiate tag

  client (closed)                                          server (closed)
  t=0      INIT (V=0) (I=TagA)  ---------------------------->  (no state kept)
           cookie-wait
  1RTT     <----------------  INIT-ACK (V=TagA) (I=TagB) (StateCookie)
           COOKIE-ECHO (V=TagB) (StateCookie)  ------------->  cookie verified, TCB created, established
           cookie-echoed
  2RTT     <----------------------------------  COOKIE-ACK (V=TagA)
           established
           data (V=TagB)  ---------------------------------->

Each side chooses a random initiate tag and the peer must place it in the verification tag of every later packet; packets with the wrong tag are dropped. This is a cheap check against blind spoofing, not authentication.
What does a Cookie contain?
• Information from the original INIT (the peer's initiate tag and the parameters it sent)
• Information from the current INIT-ACK (the server's own initiate tag and parameters)
• Timestamp
• Life span of the cookie (time to live)
• Signature for authentication: a keyed MAC over the above, computed with a secret known only to the server (RFC 4960 suggests HMAC with MD5 or SHA-1), so a client cannot forge or alter a cookie it never received
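Added example (not the slides' own code): the state-cookie mechanism from the 4-way association slides and the cookie-contents list above, in Python. It packs the two initiate tags, a timestamp and a lifespan into the cookie, protects them with an HMAC (SHA-1 here; RFC 4960 suggests HMAC with MD5 or SHA-1) under a server-only secret, and binds the cookie to the peer's source address, which is an assumption of this example rather than a requirement of the RFC. The addresses, tags and the `CookieServer` / `handshake` / `init_flood` names are invented for illustration.

```python
import hashlib
import hmac
import os
import struct
import time

VALID_COOKIE_LIFE = 60                  # seconds; RFC 4960 default for Valid.Cookie.Life
MAC_LEN = hashlib.sha1().digest_size    # 20
HEADER = struct.Struct("!IIII")         # peer init tag, own init tag, created, lifespan


class CookieServer:
    """Server side of the 4-way handshake. Nothing is stored per INIT; the
    would-be TCB travels inside the cookie, protected by an HMAC."""

    def __init__(self, secret=None, clock=time.time):
        self.secret = secret or os.urandom(32)  # never sent; a real stack rotates it
        self.clock = clock                      # injectable for testing expiry
        self.tcbs = {}                          # associations with allocated state

    def on_init(self, peer_addr, peer_tag, lifespan=VALID_COOKIE_LIFE):
        """Answer an INIT: pick our initiate tag and return the INIT-ACK fields.
        The cookie is bound to the sender's address (assumption of this example)."""
        my_tag = struct.unpack("!I", os.urandom(4))[0] or 1     # tag 0 is reserved for INIT
        body = HEADER.pack(peer_tag, my_tag, int(self.clock()), lifespan) + peer_addr.encode()
        cookie = body + hmac.new(self.secret, body, hashlib.sha1).digest()
        return {"init_tag": my_tag, "cookie": cookie}           # note: no entry in self.tcbs

    def on_cookie_echo(self, peer_addr, cookie):
        """Verify the echoed cookie; only now allocate a TCB. Returns (accepted, reason)."""
        if len(cookie) < HEADER.size + MAC_LEN:
            return False, "too short"
        body, mac = cookie[:-MAC_LEN], cookie[-MAC_LEN:]
        expected = hmac.new(self.secret, body, hashlib.sha1).digest()
        if not hmac.compare_digest(mac, expected):      # constant-time comparison
            return False, "bad MAC"                      # forged or tampered
        peer_tag, my_tag, created, lifespan = HEADER.unpack_from(body, 0)
        if body[HEADER.size:] != peer_addr.encode():
            return False, "address mismatch"             # replayed from another source
        if self.clock() > created + lifespan:
            return False, "stale cookie"
        self.tcbs[(peer_addr, peer_tag)] = {"my_tag": my_tag, "peer_tag": peer_tag}
        return True, "established"


def handshake(server, client_addr, client_tag=0xA1A1A1A1):
    """INIT / INIT-ACK / COOKIE-ECHO / COOKIE-ACK for a client that really
    receives the INIT-ACK; reports how much server state existed after INIT."""
    init_ack = server.on_init(client_addr, client_tag)
    state_after_init = len(server.tcbs)
    ok, reason = server.on_cookie_echo(client_addr, init_ack["cookie"])
    return {"state_after_init": state_after_init, "accepted": ok, "reason": reason,
            "state_after_echo": len(server.tcbs)}


def init_flood(server, n):
    """n INITs from spoofed sources (constructed TEST-NET addresses): the
    INIT-ACKs go to hosts that never reply, so nothing is echoed or allocated."""
    for i in range(n):
        server.on_init("203.0.113.%d" % (i % 254 + 1), i + 1)
    return len(server.tcbs)


if __name__ == "__main__":
    srv = CookieServer()
    print("TCBs after 10000 spoofed INITs:", init_flood(srv, 10000))
    print("legitimate client:", handshake(srv, "192.0.2.10"))
```

The checks on the echo side are the ones that matter: the MAC prevents a client from inventing a cookie, the address binding stops a cookie collected at one host from being echoed from another, and the lifespan bounds how long a captured cookie stays usable.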
SCTP Association Graceful Shutdown

  Host A (established)                                  Host B (established)
           DATA  ------------------------------------>
           <------------------------------------  SACK
  upper layer invokes SHUTDOWN; stop accepting data
  shutdown_pending (until all outstanding DATA is acked)
           SHUTDOWN (+ SACK)  ----------------------->  shutdown_received; stop accepting data
  shutdown_sent
           <------------------------------------  DATA   (B finishes sending queued data)
           SACK  ------------------------------------>
           <----------------------------  SHUTDOWN_ACK   shutdown_ack_sent
           SHUTDOWN_COMPLETE  --------------------->
  closed (delete TCB)                                   closed (delete TCB)
[Figure: protocol stack Application / SCTP / IP / Link / Physical. An SCTP endpoint is identified by one port together with a set of IP addresses; SCTP is IP protocol number 132 (IANA).]
Multi-Homing
Multi-homing: a technique to improve the reachability of hosts that can be reached through more than one destination address (interface).
Traditional "Multi" homing (TCP)

[Figure: a client with interfaces A1, A2 and a web server with interfaces B1, B2, connected across the Internet by a single transport connection; each end of that connection is a point of failure.]

• In TCP, the hosts choose 1 of 4 possible combinations: (A1,B1) or (A1,B2) or (A2,B1) or (A2,B2). If the chosen pair fails, the connection fails, even though other pairs may still work.
Innovative "Multi" homing in SCTP

[Figure: the same client (A1, A2) and web server (B1, B2), joined by one transport "association" that spans all addresses.]

SCTP Multihoming
• Hosts use one association ({A1,A2}, {B1,B2})
• New data is sent to one primary destination address
  - Let B1 be the primary destination for data sent to the web server
  - Let A1 be the primary destination for data sent to the client
• Path status and destination reachability are constantly monitored
Multi-homing Association

[Figure: Host A runs an application over SCTP port 100 at one address; Host B runs an application over SCTP port 200 at three addresses (B1, B2, B3); one SCTP association joins them.]

single-homed SCTP endpoint, Host A:
  IP = 128.33.6.12
  endpoint = [128.33.6.12 : 100]

multi-homed SCTP endpoint, Host B:
  IP1 = 160.15.82.20, IP2 = 161.10.8.221, IP3 = 10.1.61.11
  endpoint = [160.15.82.20, 161.10.8.221, 10.1.61.11 : 200]

SCTP association:
  association = { [128.33.6.12 : 100] : [160.15.82.20, 161.10.8.221, 10.1.61.11 : 200] }
TCP data transfer without loss
[Figure: hosts A (addresses A1, A2) and B (addresses B1, B2); the application hands data 1..6 to TCP, which sends it over the single (A1, B1) connection; receive buffer of 6; all six segments are delivered to the application in order.]
TCP data transfer with loss
[Figure: same setup; one segment is lost on the (A1, B1) path, the later segments wait in the receive buffer, and the lost segment is retransmitted on the same path before anything behind it can be delivered to the application.]
TCP data transfer with single path failure
[Figure: same setup; the (A1, B1) path fails ("connection fails!") after the first segments; TCP has no other path to fall back on, so the remaining data is never delivered.]
SCTP data transfer without loss
[Figure: one association ({A1, A2}, {B1, B2}); new data goes to the primary destination B1; receive buffer of 6; all six messages are delivered to the application in order.]
SCTP data transfer with loss
[Figure: same association; a DATA chunk is lost on the primary path and is retransmitted on the alternate path (A2, B2), then delivered to the application in order with the rest.]
SCTP data transfer with single path failure
[Figure: same association; the primary path (A1, B1) fails, the outstanding data is retransmitted over the alternate path (A2, B2), and all six messages are delivered to the application.]
Multihoming Example
1. A laptop is connected via Ethernet and wireless (802.11).
2. Both interfaces are reachable by the peer.
3. Ethernet gets disconnected; transmission of data fails.
4. The failure is detected; SCTP uses the wireless interface to transmit.
5. A HEARTBEAT sent on the Ethernet path is acknowledged (HEARTBEAT-ACK received).
6. The Ethernet link is restored as the transmission path.

[Figure: client host (SCTP) with A1 (Ethernet, primary) and A2 (802.11, alternate); server host (SCTP) with B1 (Ethernet) and B2 (802.11); across the Internet. DATA moves to the new transmission path after the failure; "Heartbeat received" marks the restored path.]
SCTP Failure Detection
• Host A monitors reachability of the primary destination address of Host B:
  - Host A sends DATA and starts the retransmission timer (T3-rtx)
  - If the timer expires, increment error_count for that destination address
  - If error_count > threshold (Path.Max.Retrans), mark the path inactive
  - If Host A receives a SACK before the timer expires, error_count = 0 and path = active

[Figure: Host A (application, SCTP port 100, address A1) sends DATA to Host B (application, SCTP port 200, addresses B1, B2, B3) and receives SACK.]

error_count: a variable associated with each destination address of the peer (initially zero)
Host A monitors reachability of idle destination addresses of Host B
• A HEARTBEAT is sent periodically to each idle address
• When a HEARTBEAT is not acknowledged within one RTO, increment error_count for that address; if error_count > threshold, path = inactive
• If Host A receives a HEARTBEAT-ACK, error_count = 0 and path = active
• When the primary destination address is detected unreachable, the SCTP sender chooses a REACHABLE alternate destination address as the new primary

[Figure: HEARTBEAT from Host A (A1, SCTP port 100) to the alternate addresses B2, B3 of Host B (SCTP port 200); HEARTBEAT-ACK returned.]
•HEARTBEAT is a chunk that an endpoint sends to its peer endpoints to probe the reachability of a particular destination transport address.
•In our case, the HEARTBEAT is sent to a destination address which has been idle for a long time to check for its reachability.
•HEARTBEAT ACK is a chunk which an endpoint sends to its peer endpoints as a response to a HEARBEAT
chunk.
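Added example (not the slides' own code): the per-destination error_count logic of the failure detection and HEARTBEAT slides, in Python, run through the laptop scenario of the multihoming example. The threshold is Path.Max.Retrans (5 by default in RFC 4960); the address names, the `PeerMonitor` class and the choice to fall back to the configured primary once it is reachable again are assumptions of this example.

```python
PATH_MAX_RETRANS = 5  # RFC 4960 default; the slides' "threshold"


class Path:
    def __init__(self, addr):
        self.addr = addr
        self.error_count = 0   # per-destination counter, initially zero
        self.active = True


class PeerMonitor:
    """Tracks reachability of every destination address of the peer and
    moves the primary when the current one is declared unreachable."""

    def __init__(self, peer_addrs, threshold=PATH_MAX_RETRANS):
        self.paths = {a: Path(a) for a in peer_addrs}
        self.configured_primary = peer_addrs[0]
        self.primary = peer_addrs[0]
        self.threshold = threshold
        self.events = []

    # --- evidence of failure -------------------------------------------
    def _error(self, addr):
        p = self.paths[addr]
        p.error_count += 1
        if p.error_count > self.threshold and p.active:
            p.active = False
            self.events.append("%s inactive" % addr)
            if addr == self.primary:
                self._pick_new_primary()

    def on_rtx_timeout(self, addr):
        """T3-rtx expired for DATA sent to addr (normally the primary)."""
        self._error(addr)

    def on_heartbeat_unacked(self, addr):
        """A HEARTBEAT to an idle address got no HEARTBEAT-ACK within one RTO."""
        self._error(addr)

    # --- evidence of reachability --------------------------------------
    def _alive(self, addr):
        p = self.paths[addr]
        p.error_count = 0
        if not p.active:
            p.active = True
            self.events.append("%s active" % addr)
        # Policy choice of this example (not mandated by the slides): go back
        # to the configured primary as soon as it is reachable again.
        if addr == self.configured_primary and self.primary != addr:
            self.primary = addr
            self.events.append("primary restored to %s" % addr)

    def on_sack(self, addr):
        self._alive(addr)

    def on_heartbeat_ack(self, addr):
        self._alive(addr)

    def _pick_new_primary(self):
        for p in self.paths.values():
            if p.active:
                self.primary = p.addr
                self.events.append("primary -> %s" % p.addr)
                return
        self.events.append("no reachable destination")   # association failure

    def reachable(self):
        return any(p.active for p in self.paths.values())


def laptop_scenario():
    """Steps 1-6 of the multihoming example: Ethernet (B1) primary, 802.11 (B2) alternate.
    Returns (primary after the failure, primary after recovery, event log)."""
    mon = PeerMonitor(["B1", "B2"])
    for _ in range(PATH_MAX_RETRANS + 1):   # Ethernet unplugged: DATA to B1 times out repeatedly
        mon.on_rtx_timeout("B1")
    after_failure = mon.primary             # "B2": data now goes over 802.11
    mon.on_heartbeat_ack("B1")              # Ethernet back: a HEARTBEAT on B1 is acknowledged
    return after_failure, mon.primary, mon.events


if __name__ == "__main__":
    print(laptop_scenario())
```

Note that a single SACK or HEARTBEAT-ACK resets the counter to zero, so a path that loses one packet in six never trips the threshold; detection time is roughly (threshold + 1) retransmission timeouts with exponential back-off, which is why signaling deployments tune Path.Max.Retrans and the RTO bounds downward.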
Summary of SCTP
• SCTP is used for applications that require data reliability and rigid timing.
• SCTP protects against INIT-flood (SYN-flood style) DoS attacks by keeping the handshake stateless until a valid cookie is echoed back.
• An SCTP association can bind multiple IP addresses at each endpoint.
• SCTP provides multi-homing for applications that require a high degree of fault tolerance.
Reference Material
Textbooks
• Stream Control Transmission Protocol (SCTP), Randall Stewart and Qiaobing Xie, Addison-Wesley, 2002
• TCP/IP Protocol Suite, Chapter 13, Behrouz Forouzan
RFCs
• RFC 2960 - Stream Control Transmission Protocol (obsoleted by RFC 4960, September 2007)
• RFC 3286 - An Introduction to the Stream Control Transmission Protocol (SCTP)
• RFC 3309 - Stream Control Transmission Protocol (SCTP) Checksum Change (CRC32c)
• RFC 4460 - SCTP Specification Errata and Issues